
Expert Advice Community

ISMS policy and ISMS framework ( global document)

karanbirsingh | Created: Aug 28, 2017 | Last commented: Aug 30, 2017


Can you please explain the contents that need to be included in these documents? Are ISMS objectives defined first, or is RA/RT performed first? Can organisations have an ISMS policy defined before setting ISMS objectives? Because ISMS objectives are included in the Policy, I believe the policy is defined post objectives, and these objectives are defined post RA/RT...


Expert: Rhand Leal | Aug 30, 2017

1 - Can you please explain the contents that need to be included in these documents?

Answer: To be compliant with ISO 27001, an ISMS policy must define the purpose, direction, principles and basic rules for information security management.

To see an example of the content of an ISO 27001 ISMS policy, I suggest you take a look at the free demo of our Information Security Policy at this link: https://advisera.com/27001academy/documentation/information-security-policy/

For more information about the ISMS policy, I also suggest these materials:

- What should you write in your Information Security Policy according to ISO 27001? https://advisera.com/27001academy/blog/2016/05/30/what-should-you-write-in-your-information-security-policy-according-to-iso-27001/
- Information security policy – how detailed should it be? https://advisera.com/27001academy/blog/2010/05/26/information-security-policy-how-detailed-should-it-be/

ISMS Framework usually stands for the set of policies and procedures that need to be written to manage security in your company - for examples, see our ISO 27001 Documentation Toolkit: https://advisera.com/27001academy/iso-27001-documentation-toolkit/

2 - Are ISMS objectives defined first, or is RA/RT performed first?

Answer: The top-level information security objectives are defined before the RA/RT, because they need to reflect the external and internal issues that are relevant and can prevent the ISMS from achieving the expected results.

3 - Can organisations have an ISMS policy defined before setting ISMS objectives? Because ISMS objectives are included in the Policy, I believe the policy is defined post objectives, and these objectives are defined post RA/RT...

Answer: You can define information security objectives before or after you publish your top-level ISMS policy - both approaches are allowed since the objectives can be documented in a separate document.
